8 chapters have results for cybersecurity
Chapter 8. Cybersecurity 91 results (showing 5 best matches)
- As regulators, legislators, courts, and companies have begun to focus on cybersecurity, general trends have emerged that suggest what policymakers presume it to mean in the context of government oversight. Most notably, the Cybersecurity Act of 2015—which does not define cybersecurity, but which lays out protocols for voluntary private coordination with the federal government—identifies “cybersecurity threats” as:
- National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity
- Policy responses to such threats are, however, largely fragmented. The United States does not have a single, broadly-applicable cybersecurity law or regulatory agency in charge of ensuring cybersecurity. Indeed, there are very few laws that explicitly mention cybersecurity by name, and those laws that do mention cybersecurity, do not even define just what is “cybersecurity.” varying cybersecurity norms and obligations. This chapter surveys the morass and highlights the most important and relevant rules to the fintech ecosystem.
- Cybersecurity frameworks are highly popular and influential sources of cybersecurity norms. The Financial Industry Regulatory Authority (FINRA) observed in a 2015 study of broker-dealers and exchanges that nearly ninety percent of firms falling under its jurisdiction use one or more of three following frameworks in developing their cybersecurity systems:
- Appoint a qualified Chief Information Security Officer (CISO), either directly or through a third-party, responsible for implementing and overseeing the cybersecurity program and preparing an at-least-annual report to the firm’s board covering the firm’s cybersecurity program, material risks, and material cybersecurity events;
Chapter 5. Marketplace Lending 1 result
Chapter 6. Mobile Payments 4 results
- For more on both the FTC and CFPB’s authority and relevant cybersecurity rules, see Chapter 8, Cybersecurity.
- and Cybersecurity
- UDAP provides some assistance in helping ensure commercial providers use strong cybersecurity measures. Cybersecurity, though not explicitly within the terms of the statute, falls under the purview of the FTC Act. Specifically, the Act gives the FTC the power to punish and prohibit firms from affecting commerce when it determines that “the act or practice causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.”
- UDAP charges were brought in the context of Venmo’s alleged lax security, a broader issue discussed in Chapter 8, Cybersecurity. Ultimately, however, PayPal would not have to pay any money as part of a settlement since the alleged infractions occurred prior to its purchase of the company.
Chapter 3. Robo-Advisors 4 results
- For a broader overview of cybersecurity rules, see Chapter 8, Cybersecurity.
- Cybersecurity
- Failure to comply with these mandates can potentially violate SEC antifraud prohibitions against material misstatements and omissions as well as subject a firm to administrative sanctions. Additionally, under Regulation S–P, enforcement actions can be brought against a firm registered with the agency for failing to establish cybersecurity policies prior to a breach and failing to report data breaches.
- ...that regulated entities are expected to disclose cyber risks and incidents in their periodic reporting, and these risks are considered material in firm disclosures of business and operations, risk factors, legal proceedings, and management discussion and analysis of the firm’s financial condition and operations. Additionally, under Regulation S–P, financial firms are required to adopt written policies and procedures that “are reasonably designed” to protect customer records and information. Such procedures include: establishing tailored policies and back testing such policies to ensure their effectiveness; periodically assessing vendors and third party service providers that have access to client information; and operationalizing reporting mechanisms such that breaches are quickly brought to light. Notably, Rule 206(4)–7, discussed above, provides an additional regulatory mandate for investment advisers to ensure that cybersecurity policies and procedures are backed with...
Index 30 results (showing 5 best matches)
- The book concludes with two chapters on the most critical cross-disciplinary concerns for fintech: anti-money laundering (AML) and cybersecurity. AML efforts, discussed in Chapter 7, are those designed to deter the use of banks as instruments through which the financing of criminal and terrorism activities is concealed. Cybersecurity, discussed in Chapter 8, refers to the steps taken to defend financial firms from an ever-increasing array of security risks that threaten data and information technology systems. Online banking can expose customers to hackers who can access sensitive financial information, just as digital wallets and mobile phones can open ports of entry for nefarious actors bent on stealing customer funds or using their credit without their knowledge.
- decades, thousands of new upstart firms have emerged, offering novel financial products and services in an increasingly digital marketplace. Innovative, mobile-ready credit and payment products are enabling consumers to access seemingly cost-effective financial products at the touch of a button. Payments can be made online and on cell phones, as well as through prepaid cards; loans can be approved online, and extended by individuals as well as financial institutions; trading on exchanges can be executed in time frames so short one needs a Ph.D. in physics to properly appreciate. All the while, new threats and risks to the financial system are arising, and portending new challenges for cybersecurity and regulatory compliance. These changes are i
Chapter 2. Digital Assets 1 result
- First, the Investment Company Act sets standards defining who may act as a custodian of funds’ assets to ensure safeguard and necessary verification of those assets. Custodians must also demonstrate sufficient cybersecurity and protections for customer assets. The SEC noted that the staff was unaware of a qualified custodian currently providing fund custodial services for cryptocurrencies. Furthermore, the SEC indicated that the industry would have to demonstrate how a fund intended to validate existence, exclusive ownership and software functionality of private cryptocurrency keys and other ownership records. Applicants would likewise have to explain the extent to which cybersecurity threats imperiled wallets and the safekeeping of fund assets, and what steps ETFs would take to safeguard holdings.
Outline 6 results (showing 5 best matches)
- Publication Date: November 18th, 2019
- ISBN: 9781640208353
- Subject: Banking/Financial Institutions
- Series: Nutshells
- Type: Overviews
Description:
Technology is redefining financial services—including the way actors make and settle payments, raise capital, extend loans, and memorialize increasingly complex relationships. At the same time, new innovations—from cryptocurrencies to marketplace lending, robo-advising, and mobile payments—are creating novel regulatory issues for anti-money laundering requirements and cybersecurity. This Nutshell provides an overview of some of the key developments reshaping finance—and the rules deployed to oversee them.
Chris Brummer's Fintech Nutshell has been named by BookAuthority one of the 20 Best New Fintech Books to Read in 2020!